DETAILED ACTION
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in
37 CFR 1.17(e), was filed in this application after final rejection. Since this application is
eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e)
has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 
37 CFR 1.114. Applicant's submission filed on December 4, 2006 has been entered. 

Status of Claims 

This communication is in response to remarks and amendment filed on April 9, 2007. 

■ Claims 1, 25, 37 and 52 have been amended. 

■ Claims 19, 22, 48 and 51 have been cancelled. 

■ Claims 1-7, 9-18, 20, 21, 23-37, 39-41, 44-47, 49, 50 and 52-54 remain pending. 

Response to Arguments 
Applicant's arguments filed on October 6, 2006 have been fully considered but they are 
not persuasive. 

Applicant's amendment to the claims adding the limitation, "communicating said 
authentication data between said trusted party and said presenter during said enrollment process, 
said authentication data being known only to said trusted party and to said presenter," fails to 
overcome the cited rejection. 

By way of example, Applicant's amendment recites that a user during an enrollment 
process enters a password that is only known to the user and the receiving entity (trusted party), 
which in turn is used for authentication. Tsuei discloses assigning passwords (paragraphs 104-
139, 164, 188) by a user to authenticate access and transactions via a trusted party. 

Claim Rejections - 35 USC § 103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 1-7, 9-18, 20, 21, 23-37, 39-41, 44-47, 49, 50 and 52-54 are rejected under 35 
U.S.C. 103(a) as being unpatentable over Carrott et al. (hereinafter Carrott, 6,839,692 B2), 
in view of Tsuei et al. (hereinafter Tsuei, US 2004/0083184 A1).

As per Claims 1-3, 6, 7, 37 and 41, Carrott discloses a method involving a presenter, a 
trusted party, and an acceptor for validating profile data of said presenter during an on-line 
transaction comprising: receiving said profile data at said trusted party (Col. 2, lines 5-10; Col. 
3, lines 4-10; Col. 4, lines 8-18; Col. 5, lines 25-38 and 55-67; Col. 6, lines 60-65); receiving and 
comparing said profile data against reference data stored by said trusted party (Col. 2, lines 5-10 
and 20-33; Col. 3, lines 4-10; Col. 7, lines 4-10 and 17-25); notifying said acceptor by said 
trusted party that said profile data of said presenter is either authentic or erroneous, whereby said 
trusted party validates said profile data of said presenter for the benefit of said acceptor (Col. 2, 
lines 5-10 and 20-33; Col. 7, lines 24-42). 

Carrott does not explicitly disclose receiving by said trusted party an enrollment process, 
profile data and enrollment data from said presenter and verifying the identity of said presenter, 
said trusted party being an issuer of an account to said presenter wherein authentication data is
received and validated as per the customer profile during an online transaction. 

Tsuei, however, teaches a dynamic and comprehensive system and method for processing 
and authentication of transactions via identified customer profiles without revealing any 
information to the requesting party (see figure 2 and associated text, ¶ 14, 17 19, 25, 66). According
to Tsuei, once a subscriber enrolls and registers providing profile and enrollment data, a unique
identifier is associated with that customer, upon matching such data and verification of the
identity and credentials of the customer, notification is provided for the benefit of the requesting
party over the Internet (summary of the invention, fig 2 and associated text, ¶ 14, 17, 19, 70-74,
89-114; also see 158-160, creation of vault database). Therefore, it would have been obvious for
one of ordinary skill in the art at the time of the invention to modify Carrott's purchase
transaction system to provide an anonymous transaction verification mechanism to provide
security to the subscriber while at the same time providing further verification
confirmation for the requestor. 

Furthermore, Carrott does not explicitly disclose communicating said authentication data 
between said trusted party and said presenter during said enrollment process, said authentication 
data being known only to said trusted party and to said presenter. 

Tsuei teaches that HPS 118 uses a standard credit card authorization system. However, 
the issuer must establish a method for authenticating the cardholder of an alias account. In an 
embodiment of the invention, this is accomplished by using the alias "password" that was 
entered during account setup. The issuer should also have some special procedures to handle 
referrals and hot calls. Since none of the information on the alias account is real, a phone number 
is set in the phone number field that will allow the issuer to communicate with the vault and
request contact with the cardholder [0139]. Therefore, it would have been obvious to one of 
ordinary skill in the art to modify Carrott to include assigning a password during the enrollment 
process that is known to the user and sent to the trusted party to authenticate communication 
between the parties. 

As per claims 4 and 5, Carrott further discloses wherein the presenter and the acceptor 
communicate with said trusted party over the Internet (Abstract; Figure 1; Col. 3, lines 45-55; 
Col. 8, lines 10-15). 

As per claims 9, 10, 44, 45, Carrott fails to disclose as noted above, however, Tsuei
teaches a system wherein the program identity is an account number of financial account wherein 
the trusted third party maintains said account (fig 12-17, 20 and associated text). It would have 
been obvious to one of ordinary skill in the art at the time of applicant's invention to modify the 
method of Carrott et al and include a program identity number such as an account number, 
unique identifier or other code of some sort issued and stored by the trusted party so that the 
trusted party has a unique number or code associated with the presenter as taught by Tsuei et al 
and which may be used later to identify the presenter or an account maintained by the trusted 
party. 

As per claims 11-12 and 14-17, Carrott et al further disclose initiating communications 
between the presenter and acceptor and receiving profile data and a program identity number at 
the acceptor for the presenter (Col. 4, lines 5-18; Col. 5, lines 25-38). Carrott et al, however, fail 
to explicitly disclose receiving identity data at the acceptor. Tsuei et al disclose a method for
verifying the identity of on-line credit card purchasers and further teach receiving, at a trusted 
party, authenticating data from the presenter; comparing, by the trusted party, the authenticating 
data against pre-designated authenticating data previously designated for the presenter and 
notifying the acceptor by the trusted party that the identity of the presenter is either authentic or 
erroneous, whereby the trusted party authenticates the identity of the presenter for the benefit of 
the acceptor (fig 2, 12-20 and associated text, ¶ 12-30, 70-158). It would have been obvious to
one of ordinary skill in the art at the time of applicant's invention to modify the method of 
Carrott et al and include authenticating the identity of the purchaser as taught by Tsuei et al so 
that the merchant is ensured that the purchaser is the authorized user for the credit card. Tsuei et 
al provides motivation by indicating that there is a need for a method or system for verifying the 
identity of an on-line purchaser, and ensuring to a reasonable extent that the purchaser is in fact 
the party authorized to use the credit card presented for payment. 

As per claim 13, Carrott et al further disclose querying the trusted party by the acceptor 
whether account data updating can be provided (Col. 2, lines 25-33). 

As per claims 18 and 20-21, Carrott et al further disclose transmitting a data 
authentication request message from said acceptor to said trusted party in order to request that 
said trusted party validate said profile data of said presenter as discussed above. Carrott et al, 
however, fail to disclose requesting that the third party authenticate the identity of the presenter. 
Tsuei et al disclose a method for requesting that the trusted party verify the identity of on-line
credit card purchasers and further teach notifying the acceptor that the identity is authentic when
the data matches (fig 2, 12-20 and associated text, ¶ 12-30, 70-158). It would have been obvious
to one of ordinary skill in the art at the time of applicant's invention to modify the method of 
Carrott et al and include authenticating the identity of the purchaser as taught by Tsuei et al so 
that the merchant is ensured that the purchaser is the authorized user for the credit card. Tsuei et 
al provides motivation by indicating that there is a need for a method or system for verifying the 
identity of an on-line purchaser, and ensuring to a reasonable extent that the purchaser is in fact 
the party authorized to use the credit card presented for payment. 

As per claims 23-24, Carrott et al further disclose providing, by the trusted party, of 
updated profile data when the profile data is determined to be out of date (Col. 2, lines 25-33, see 
also updating disclosed in Tsuei). 

As per claims 25, 27, 52 and 54, Carrott et al disclose an on-line data authentication 
system comprising: a trusted party who receives, validates and provides profile data of a 
presenter (Figure 1; Col. 2, lines 5-10 and 20-33; Col. 3, lines 4-10; Col. 4, lines 8-18; Col. 5, 
lines 25-38 and 55-67; Col. 6, lines 60-65; Col. 7, lines 4-10 and 17-25); an acceptor who 
conducts a transaction with said presenter and who requests said trusted party to validate said 
profile data of said presenter (Figure 1; Col. 6, lines 60-67; Col. 7, lines 1-10); and a directory 
server configured to determine the existence of said trusted party who will be able to validate 
said profile data of said presenter (Col. 6, lines 60-67; Col. 7, lines 1-10).

Carrott et al further disclose local user authentication wherein the user inputs a user ID
and password which is then verified by the user's computer prior to proceeding (Col. 5, lines 57-
63; Col. 6, lines 20-25). Carrott et al, however, fail to explicitly disclose receiving authentication 
data at a trusted party during an enrollment process, said trusted party being an issuer of an 
account to said presenter in which enrollment data is used to verify the identity of said presenter, 
and an acceptor requesting the trusted party to authenticate the identity of the presenter. Tsuei et 
al disclose a method for verifying the identity of on-line credit card purchasers and further teach 
receiving during an enrollment process, at a trusted party, authenticating data from the presenter; 
comparing, by the trusted party, the authenticating data against pre-designated authenticating 
data previously designated for the presenter; and notifying the acceptor by the trusted party that 
the identity of the presenter is either authentic or erroneous, whereby the trusted party 
authenticates the identity of the presenter for the benefit of the acceptor (fig 2, 12-20 and 
associated text, ¶ 12-30, 70-158). It would have been obvious to one of ordinary skill in the art at
the time of applicant's invention to modify the method of Carrott et al and include authenticating 
the identity of the purchaser as taught by Tsuei et al so that the merchant is ensured that the 
purchaser is the authorized user for the credit card. Tsuei et al provides motivation by indicating 
that there is a need for a method or system for verifying the identity of an on-line purchaser, and 
ensuring to a reasonable extent that the purchaser is in fact the party authorized to use the credit 
card presented for payment. 

Furthermore, Carrott does not explicitly disclose communicating said authentication data 
between said trusted party and said presenter during said enrollment process, said authentication 
data being known only to said trusted party and to said presenter.

Tsuei teaches that HPS 118 uses a standard credit card authorization system. However,
the issuer must establish a method for authenticating the cardholder of an alias account. In an 
embodiment of the invention, this is accomplished by using the alias "password" that was 
entered during account setup. The issuer should also have some special procedures to handle 
referrals and hot calls. Since none of the information on the alias account is real, a phone number 
is set in the phone number field that will allow the issuer to communicate with the vault and 
request contact with the cardholder [0139]. Therefore, it would have been obvious to one of 
ordinary skill in the art to modify Carrott to include assigning a password during the enrollment 
process that is known to the user and sent to the trusted party to authenticate communication 
between the parties. 

As per claims 26 and 53, Carrott et al further disclose wherein the presenter and the 
acceptor communicate with said trusted party over the Internet (Abstract; Figure 1; Col. 3, lines 
45-55; Col. 8, lines 10-15). 

As per claim 28, Carrott et al fail to disclose as above, however, Tsuei et al disclose 
receiving and storing authenticating data from the presenter at the trusted party wherein the 
authenticating data becomes the pre-designated authenticating data (fig 2, 12-20 and associated 
text, 12-30, 70-158). It would have been obvious to one of ordinary skill in the art at the time 
of applicant's invention to modify the method of Carrott et al and include receiving and storing, 
at the trusted party, authenticating data of the purchaser as pre-designated authenticating data for 
purposes of authenticating the identity of the purchaser as taught by Tsuei et al so that the 
merchant is ensured that the purchaser is the authorized user for the credit card. Tsuei et al
provides motivation by indicating that there is a need for a method or system for verifying the 
identity of an on-line purchaser, and ensuring to a reasonable extent that the purchaser is in fact 
the party authorized to use the credit card presented for payment. 

As per claims 29-30, Carrott et al fail to disclose, however, Tsuei et al disclose providing, 
by the trusted party, to the presenter a program identity number which is correlated with the 
identity, profile data and authenticating data and storing the program identity number by the 
trusted party (fig 2, 12-20 and associated text, ¶ 12-30, 70-158). It would have been obvious to
one of ordinary skill in the art at the time of applicant's invention to modify the method of 
Carrott et al and include a program identity number such as an account number, unique identifier 
or other code of some sort issued and stored by the trusted party so that the trusted party has a 
unique number or code associated with the presenter as taught by Tsuei et al and which may be 
used later to identify the presenter or an account maintained by the trusted party. 

As per claims 31-32, Carrott et al disclose a request message transmitted from the 
acceptor to the trusted party via a directory server, the message containing a query as to whether 
the trusted party will be able to validate the profile data of the presenter (Col. 6, lines 45-67) and 
a response message for validating the profile data of the presenter (Col. 2, lines 5-10 and 20-33; 
Col. 7, lines 24-42). Carrott et al, however, fail to disclose transmitting a message to the third 
party querying the third party as to whether the third party will be able to authenticate the 
identity of the presenter. Tsuei et al disclose a method for requesting that the trusted party
verify the identity of on-line credit card purchasers and further teach notifying the acceptor
that the identity is authentic when the data matches (fig 2, 12-20 and associated text, ¶ 12-30, 70-
158). It would have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to modify the method of Carrott et al and include authenticating the identity of the 
purchaser as taught by Tsuei et al so that the merchant is ensured that the purchaser is the 
authorized user for the credit card. Tsuei et al provides motivation by indicating that there is a 
need for a method or system for verifying the identity of an on-line purchaser, and ensuring to a 
reasonable extent that the purchaser is in fact the party authorized to use the credit card presented 
for payment. 

As per claims 33-36, Carrott et al disclose a request message transmitted from the 
acceptor to the trusted party via a directory server, the message requesting that the trusted party 
validate the profile data of the presenter, the request message including profile data of the 
presenter (Col. 2, lines 5-10; Col. 3, lines 4-10; Col. 4, lines 8-18; Col. 5, lines 25-38 and 55-67; 
Col. 6, lines 60-65) and a response message for validating the profile data of the presenter and 
whether or not the profile data is accurate or contains errors (Col. 2, lines 5-10 and 20-33; Col. 7, 
lines 24-42). Carrott et al, however, fail to disclose transmitting a message to the third party 
requesting that the third party authenticate the identity of the presenter. Tsuei et al disclose a 
method for requesting that the trusted party verify the identity of on-line credit card
purchasers and further teach notifying the acceptor that the identity is authentic when the data
matches (fig 2, 12-20 and associated text, ¶ 12-30, 70-158). It would have been obvious to one of
ordinary skill in the art at the time of applicant's invention to modify the method of Carrott et al 
and include authenticating the identity of the purchaser as taught by Tsuei et al so that the
merchant is ensured that the purchaser is the authorized user for the credit card. Tsuei et al 
provides motivation by indicating that there is a need for a method or system for verifying the 
identity of an on-line purchaser, and ensuring to a reasonable extent that the purchaser is in fact 
the party authorized to use the credit card presented for payment. 

As per claims 39-40, Carrott et al further disclose wherein the presenter, acceptor and 
trusted party communicate over the Internet (Abstract; Figure 1; Col. 3, lines 45-55; Col. 8, lines 
10-15). 

As per claim 46, Carrott et al further disclose wherein the identity and profile data 
include at least the name and address of the presenter (Col. 2, lines 20-33; Col. 5 line 60-Col. 6 
line 3; Col. 7, lines 24-34). 

As per claims 47 and 50, Carrott et al further disclose transmitting a data authentication 
request message from said acceptor to said trusted party in order to request that said trusted party 
provide said profile data of said presenter (Figure 2; Col. 2, lines 20-33; Col. 5 line 60-Col. 6 line 
3; Col. 7, lines 24-34); and transmitting a data authentication response message from said trusted 
party to said acceptor, said data authentication response message containing said profile data of 
said presenter (Col. 2, lines 20-33; Col. 5 line 60-Col. 6 line 3; Col. 7, lines 24-34).

As per claim 49, Carrott et al fail to disclose the features noted as per claim 37 above and
asking the presenter, by the trusted party, for permission to provide the profile data of the 
presenter to the acceptor. However, Tsuei et al disclose requesting the presenter, by the trusted 
party, for the authenticating data (fig 2, 12-20 and associated text, ¶ 12-30, 70-158). Examiner
takes Official Notice, however, that utilizing a third party entity to essentially filter customer 
personal or profile data provided to merchants based on permissions controlled by the customer 
is well known in the art and it would have been obvious to one of ordinary skill in the art at the 
time of applicant's invention to modify the reference to Carrott et al and include the ability to 
filter the information provided to the merchant. One would have been motivated to filter this 
type of customer personal or profile data since it was well known at the time of applicant's 
invention that consumers were generally concerned about divulging personal or private 
information. 

Examiner has pointed out particular references contained in the prior arts of record in 
the body of this action for the convenience of the applicant. Although the specified citations 
are representative of the teachings in the art and are applied to the specific limitations within 
the individual claim, other passages and figures may apply as well. It is respectfully requested
from the applicant, in preparing the response, to consider fully the entire references as 
potentially teaching all or part of the claimed invention, as well as the context of the passage 
as taught by the prior arts or disclosed by the examiner. 

Conclusion 
Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Bradley B. Bayat whose telephone number is 571-272-6704. The
examiner can normally be reached on Tuesday-Friday 8 a.m.-6:30 p.m.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Andrew Fischer can be reached on 571-272-6779. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




Bradley B. Bayat 
Primary Examiner 
Art Unit 3621 



